Threat Actor

A threat actor is a broad term for any entity that poses a deliberate security threat. The category spans a wide spectrum: from lone opportunistic scammers sending mass phishing emails, to organised cybercriminal gangs operating ransomware-as-a-service platforms, to nation-state intelligence agencies conducting espionage or sabotage.

Security researchers classify threat actors by their motivation (financial gain, espionage, disruption, ideology), capability (script kiddie versus advanced persistent threat group), and targeting (opportunistic versus highly targeted). Understanding which type of threat actor is relevant to a situation shapes the appropriate defensive response.

For the general public, the most commonly encountered threat actors are financially motivated criminal groups and fraud rings that run large-scale scam operations — romance scams, investment fraud, phishing campaigns, and identity theft schemes. These groups often operate across borders, exploit victims in multiple countries simultaneously, and leverage legitimate-looking infrastructure to evade detection.